Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message #2182

Merged
merged 3 commits into from
Feb 10, 2025
Merged

Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message #2182

merged 3 commits into from
Feb 10, 2025
+166 −138

Conversation

andrewhop
Copy link
Contributor

Description of changes:

In preparation for the callback change in #2162 this change updates all the place that could abort to pass a message to a new abort function that explains why it's about to abort.

Testing:

The existing test-break-kat.go will ensure all the KATs still fail as expected and the messages they print match.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@andrewhop andrewhop requested a review from a team as a code owner February 8, 2025 01:43
@andrewhop andrewhop changed the title Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message.y Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message Feb 8, 2025
@codecov-commenter
Copy link

codecov-commenter commented Feb 8, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 69.56522% with 14 lines in your changes missing coverage. Please review.

Project coverage is 79.02%. Comparing base (41060fe) to head (033d5de).
Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
crypto/fipsmodule/self_check/self_check.c 69.56% 14 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2182      +/-   ##
==========================================
+ Coverage   78.98%   79.02%   +0.03%     
==========================================
  Files         611      612       +1     
  Lines      105878   106064     +186     
  Branches    14984    14994      +10     
==========================================
+ Hits        83633    83817     +184     
- Misses      21588    21594       +6     
+ Partials      657      653       -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

justsmth
justsmth approved these changes Feb 10, 2025
View reviewed changes
crypto/fipsmodule/bcm.c
Comment on lines +190 to +192
#define MAX_WITHIN_MSG_LEN sizeof(ASSERT_WITHIN_MSG) + (3 * STRING_POINTER_LENGTH) + MAX_FUNCTION_NAME
#define ASSERT_OUTSIDE_MSG "FIPS module spans unexpected symbol (%s), expected %p < %p || %p > %p\n"
#define MAX_OUTSIDE_MSG_LEN sizeof(ASSERT_OUTSIDE_MSG) + (4 * STRING_POINTER_LENGTH) + MAX_FUNCTION_NAME
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NP: I don't think so much precision is needed for the MAX_xxx_MSG_LEN values. Those arrays are only on the stack in the case of a failure during library initialization -- as long as the array is not so large as to cause compilation to fail, it should be fine. A "large" number like 4096 would be way more than sufficient.

@andrewhop andrewhop merged commit 5553a20 into aws:main Feb 10, 2025
115 of 120 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@justsmth justsmth justsmth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewhop @codecov-commenter @skmcgrail @justsmth